Oracle is planning to fix 40 security vulnerabilities when it releases its Critical Patch Update for Java SE on Tuesday.

All but three of the holes being plugged can be remotely exploited without authentication.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the company said in a pre-patch advisory.

Once the updates are released, they can be found here. Starting in October, Java updates will be released on a quarterly basis, instead of three times a year, as part of Oracle's main Critical Patch Update.